IMA: include specific library in BPRM_CHECK

Hello,

After booting with ima=on, ima_policy=tcb, I think the default policy also contains:
measure func=BPRM_CHECK

Now I need to include only a specific library for this check.
Can you please tell me what the exact syntax is:
echo "measure ...." > /sys/kernel/security/ima/policy

The goal is to defend the rootfs from file modification by a hacker.

Thank you,
Zvika

Responses